PT-2020-5332 · X.Org+8 · X.Org Server+8

Jan-Niklas Sohn

·

Published

2020-08-25

·

Updated

2024-06-15

·

CVE-2020-14362

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions X.Org Server versions prior to 1.20.9
Description A flaw was found in the X.Org Server, where an integer underflow can lead to a heap-buffer overflow, potentially resulting in a privilege escalation issue. The highest threat from this issue is to data confidentiality and integrity, as well as system availability. The vulnerability is related to the SProcRecordQueryVersion function in the record.c file of the X Window System Xorg-server, which is associated with an integer overflow value. Exploitation of the vulnerability could allow an attacker to access confidential data, compromise data integrity, and cause a denial of service.
Recommendations For versions prior to 1.20.9, update to version 1.20.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the SProcRecordQueryVersion function in the record.c file until a patch is available.

Exploit

Fix

Integer Overflow

Integer Underflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-190CWE-191

Related Identifiers

ALSA-2021:1804
ALT-PU-2020-2670
ALT-PU-2024-1181
ALT-PU-2024-3261
BDU:2021-00126
CESA-2020_4910
CESA-2020_4953
CESA-2021_1804
CVE-2020-14362
DLA-2359-1
DSA-4758-1
MGASA-2020-0350
OPENSUSE-SU-2020:1374-1
OPENSUSE-SU-2020:1376-1
OPENSUSE-SU-2020_1374-1
OPENSUSE-SU-2020_1376-1
OPENSUSE-SU-2024:11525-1
RHSA-2020:4910
RHSA-2020:4953
RHSA-2020_4910
RHSA-2020_4953
RHSA-2021:1804
RHSA-2021_1804
RLSA-2021:1804
SUSE-SU-2020:14475-1
SUSE-SU-2020:2398-1
SUSE-SU-2020:2399-1
SUSE-SU-2020:2401-1
SUSE-SU-2020:2407-1
SUSE-SU-2020:2452-1
SUSE-SU-2020:2481-1
USN-4488-1
USN-4488-2
ZDI-20-1419

Affected Products

Alt Linux
Almalinux
Centos
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu
X.Org Server